How the UAE Turned Government AI From a Showcase Into a System, According to New INSEAD and Yango Tech Research
The United Arab Emirates appointed the world's first AI minister in 2017. It has committed AED 13 billion to cloud and AI infrastructure, embedded AI strategy in federal law, and is actively building what Abu Dhabi now calls an "AI-native government." By any measure, it has more political will, more capital, and more institutional momentum behind AI than most democracies will accumulate in a decade. Its government AI programmes are still stalling: not because models underperform, not because compute is scarce, but because data sits fragmented across agencies, governed by incompatible classification rules, and is too sensitive to access in live production environments without months of unblocking work nobody planned for.
That finding sits at the centre of a white paper published this month by INSEAD and Yango Tech, drawn from in-depth interviews with Chief AI Officers and digital transformation leaders across the UAE public sector. Its central argument is deliberately counterintuitive: the primary barrier to government AI is not technological sophistication. It is whether governments have built the institutional foundations, specifically data governance, capability architecture, and procurement design, without which even well-funded, politically backed AI programmes accumulate pilots rather than outcomes.
The UAE is the right setting to test this precisely because it has eliminated most standard objections. When everything else is in place and deployment still stalls, what remains is structural. As INSEAD MBA graduate and co-author Victor Butenko puts it in the report's preface, "a pilot can look alive on stage; a public system must actually perform later, with incomplete information, citizens, and someone accountable for the answer."
Dark data and the cost of not naming the problem
Estimates cited in the report, drawn from IBM, Deloitte, and IDC, put between 80 and 90% of organisational data in the unstructured category: documents, correspondence, case files, records that sit outside formal databases, untagged, unclassified, never made machine-readable. Building a model-enabled solution on top of this material can take weeks. Integrating it into a securely governed, classification-compliant production environment that is compatible with legacy systems and national cloud security policy routinely takes months. "If the data is bad, fragmented, or unaligned, nothing will work, no matter how good the model is," one interviewee told the researchers directly.
Several practitioners cautioned that deploying large language models to unstructured content without prior governance work does not unlock the value embedded in it. It accelerates the confusion already there. Making dark data usable for AI requires building business glossaries, standardising metadata across agencies that have no tradition of agreeing on definitions, and retrospectively tagging material at a high cost. Governments are not broadcasting that problem. They are announcing model deployments instead.
Abu Dhabi and Dubai have moved against this constraint in different directions, and the contrast is instructive. Abu Dhabi's response is architectural. The Department of Government Enablement is constructing a layered data sovereignty framework, distinguishing data sovereignty, operational sovereignty, and technology sovereignty, and deploying shared stacks including an "AI in a box" toolkit and observability tooling to give agency CIOs visibility into where data resides, how it is encrypted, and whether it aligns with the national cloud security classification scheme.
The intent is to embed governance compliance as shared infrastructure rather than project-by-project overhead. One interviewee described the sequencing logic: experimentation on non-sovereign infrastructure using synthetic or non-sensitive data, while a sovereign deployment path is prepared in parallel, so that once a concept is proven, sovereignty becomes the mandate for scale rather than the obstacle to it. The ambition, as the report records, is for AI infrastructure to become "as invisible and reliable as electricity, always on, always trusted, and not something users think about."
Dubai moves faster and consolidates later. Data constraints tend to surface through pilots rather than upfront architectural design. Projects have stalled despite available budgets and technical capability because security, finance, and data-owning departments were not aligned before work began. In response, an AI Acceleration Task Force brings stakeholders together to unblock constraints in real time, and a "strategy-in-a-box" playbook helps AI leads anticipate data and governance risks before committing to delivery timelines. Of 183 potential generative AI applications identified across 33 government entities, Dubai's Centre for Artificial Intelligence narrowed the pipeline through successive feasibility and data-readiness filters, reducing it to 75 pilots and then to 15 exemplars selected for scaling. Departments are asked a direct question at the outset: "If this went live tomorrow, how would it impact people's lives?" Use cases that fail to meet data-readiness criteria do not advance, regardless of their strategic appeal.
The talent shortage nobody is measuring correctly
Across the UAE government interviews, the binding talent constraint is not engineers or AI skills in the conventional sense. It is what interviewees called "translators": people who understand both the technical requirements of AI systems and the institutional logic of sovereign public-sector environments, including data classification schemes, national cloud security policies, and the legal defensibility of administrative decisions. Alongside these sits an equally acute shortage of "orchestrators": programme leaders capable of driving complex, cross-functional AI efforts through to execution rather than coordinating them across calendars. These profiles are not produced by hiring pipelines. They are built slowly, over years of work across both technical and policy environments, and most governments have no deliberate pathway for developing them. As one interviewee observed, "technology is never the problem; everything comes down to people and how you orchestrate influence across them."
Procurement compounds the constraint. "Three months to contract and three months to build" is how one executive described the imbalance to the researchers, with administrative timelines matching technical delivery cycles on projects that should take weeks. AI development is iterative and data-dependent. Traditional public procurement is designed for fixed deliverables specified in advance. The mismatch is not incidental. It quietly shapes what gets attempted: initiatives requiring flexible contracting and staged delivery tend not to survive within procurement architecture, which tilts the portfolio toward whatever can be fully scoped up front, typically the work with the least transformative potential.
Abu Dhabi interviewees were blunt about why deep organisational redesign matters more than expanding the pipeline. "Patching AI onto existing processes rarely delivers structural impact," one official told the researchers. The emirate's response has been to treat entire domains, covering human capital, compliance, and investment management, as end-to-end redesign problems rather than collections of use cases, with AI embedded across the full lifecycle rather than applied to isolated tasks. The principle distilled across both emirates is the same: "scale what works, not what is promising."
When governance fails, AI makes the failure permanent
The Dutch childcare benefits scandal, the Toeslagenaffaire, runs through the report as a structural lesson. Poorly governed algorithmic risk scoring, inadequate human oversight, and institutional inertia produced systemic discrimination against tens of thousands of families and ultimately brought down the national government. The AI did not cause the failure. It handled the data governance issue quickly and at scale, a manual match, and removed the friction that might have surfaced the problem earlier. The UK's Windrush deportations follow the same sequence: inaccurate data, opaque automated decisions, no meaningful appeal mechanism, and consequences absorbed by the people least able to challenge them.
In government, the research notes, execution failure carries no commercial buffer. Private-sector errors become losses. Public-sector AI failures generate legal harm, political fallout, and institutional damage that takes years to repair. That asymmetry is what elevates data governance from a technical precondition to a political one, and why no AI programme can be assessed independently of the governance foundations beneath it.
The researchers are careful not to present the UAE as a replicable template. High administrative capacity, centralised coordination, and the structural imperative to reduce dependence on a large manual foreign workforce are conditions most governments do not share. What travels is the diagnosis: governments that treat AI as a technology deployment problem, while deferring data governance, procurement reform, and organisational redesign to later, are not building AI capability. They are building a larger backlog of institutional debt that will eventually determine what their AI programmes can and cannot do.
The UAE case makes that debt visible by removing the easier excuses. What remains when political will, capital, and capability are all present is the work that was never glamorous enough to announce: classifying records, building glossaries, reconciling ownership across agencies, and designing accountability into workflows before any model runs on them. Most governments are still announcing the model.
